Security breachesarestill costing companies billions of pounds, according to a new report.

The 2010 Information Security Breaches Survey (ISBS), commissioned by Infosecurity Europe and written by PricewaterhouseCoopers, found spending had remained high despite the recession.

However, many public and private sector organisations were still ill-equipped to deal with potential threats.

Almost half of large organisations surveyed, measured as those with more than 250 employees, admitted staff had either lost or leaked confidential information.

A recent example is the furore surrounding a prototype of Apple's forthcoming iPhone model.

An engineer at the computing firm left the device in a bar and it was then sold to a technology news website, which posted several articles about the product on the internet. Neal Ysart, forensic services specialist at PwC in Scotland, said: "In Scotland, where we have a flourishing customer service sector, employees have access to valuable customer data.

"This finding should persuade risk managers to ask themselves if they really understand the nature of this threat and whether they have fully considered the myriad of ways that an incident might surface in their environment.

"Educating people is just as important as improving security through encrypting data, and more companies than ever before now have a security policy, although only 19 per cent of respondents from large organisations believed their policy is very well understood bystaff.

"The root cause of this is that investment in security awareness training, while on the increase, is still often inadequate."

The number of large companies suffering a security incident in the past year increased from 72 per cent to 92 per cent.

The picture was even more worrying for small businesses, with a rapid increase from 45 per cent to 83 per cent.

The average cost of an incident also increased from between £10,000 and £20,000 to £27,500 to £55,000 for SMEs, and for larger firms it rose from between £90,000 and £170,000 to £280,000 and £690,000.

Ysart added: "Businesses in Scotland need to be aware that the threat of an information security breach and its associated costs applies to them no matter what size they are or how many people they have working for them.

"The evidence in this survey shows there is no room for complacency.

"Almost half the organisations polled confirmed they had increased their expenditure on information security in the last year and roughly the same number said they expected to spend more on it next year.

"At the same time most organisations (82 per cent of large ones and 75 per cent of smaller ones) assess information security risks now, compared to just 48 per cent who did so in 2008.

"It appears organisations are getting better at understanding security risks in a changing business environment where a large majority of them are relying increasingly on external services hosted over the internet.

"Overall, the findings of this survey confirm what our clients are telling us - the number of incidents are on the increase and, like most criminals, the attackers are far quicker at exploiting new technologies and vulnerabilities than businesses are at identifying weaknesses and designing and deploying effectivecontrols.

"Businesses have a range of economic pressures to deal with at the moment and in Scotland my concern would be that with the number and cost of information security incidents on the rise, some businesses might not be giving this issue the attention it deserves."